On Wed, Nov 23, 2016 at 12:12 PM, Ayesha Dissanayaka <aye...@wso2.com> wrote:
> Hi, > > As I am working on fixing https://wso2.org/jira/browse/IDENTITY-5284, in > the user-name recovery UI we have below two options. > > 1. Making First name, Last name and Email mandatory in the recovery UI > 2. Keep them optional and validate at the back-end only if fields are > provided by the client. > > Its better to have option #2 as in the OOTB product. Anybody who use this capability in real scenario usually customize (with their own theming etc.) will have the flexibility to change the UI behaves. > What is the preferred behavior from above considering UX? > > Further, backend recovery API doesn't validate First name, Last name and > Email claims as mandatory and tries to find a user based on *provided > claim* values. [1] As of now, this validation returns user-name whenever > a matching user is found based on order of claims. It doesn't consider all > the claims. > As mentioned above, user can forced to fill any claim from the UI and the backend API serves in a generic way by validating only the set of claims its receives. Thanks, > From the client webapp it filter out First name, Last name and Email > claims for user-name recovery along with any other mandatory claims in the > system. > > [1] https://github.com/wso2-extensions/identity-governance/blob/master/ > components/org.wso2.carbon.identity.recovery/src/main/ > java/org/wso2/carbon/identity/recovery/username/ > NotificationUsernameRecoveryManager.java#L182 > <https://www.google.com/url?q=https%3A%2F%2Fgithub.com%2Fwso2-extensions%2Fidentity-governance%2Fblob%2Fmaster%2Fcomponents%2Forg.wso2.carbon.identity.recovery%2Fsrc%2Fmain%2Fjava%2Forg%2Fwso2%2Fcarbon%2Fidentity%2Frecovery%2Fusername%2FNotificationUsernameRecoveryManager.java%23L182&sa=D&sntz=1&usg=AFQjCNFVaciYduqr0Q10LuUHi2K7hx62yA> > > [2] https://github.com/wso2/carbon-identity-framework/ > blob/master/components/identity-mgt/org.wso2.carbon. > identity.mgt.endpoint/src/main/webapp/username-recovery.jsp#L45 > <https://www.google.com/url?q=https%3A%2F%2Fgithub.com%2Fwso2%2Fcarbon-identity-framework%2Fblob%2Fmaster%2Fcomponents%2Fidentity-mgt%2Forg.wso2.carbon.identity.mgt.endpoint%2Fsrc%2Fmain%2Fwebapp%2Fusername-recovery.jsp%23L45&sa=D&sntz=1&usg=AFQjCNGG3uBbYgcQQzHySILythLgJ8I9yw> > Regards, > -Ayesha > > > On Thu, Oct 27, 2016 at 8:39 PM, Ayesha Dissanayaka <aye...@wso2.com> > wrote: > >> Yes. It is not a good user experience to be able to send random email >> address and still be able to recover information. >> >> Created bug jira https://wso2.org/jira/browse/IDENTITY-5284. >> >> On Thu, Oct 27, 2016 at 6:57 PM, Johann Nallathamby <joh...@wso2.com> >> wrote: >> >>> Then we need to open a "Bug" jira and fix it IMO :). The current one can >>> be left as an improvement for future to dynamically decide to show claims >>> to uniquely identify the user. >>> >>> On Thu, Oct 27, 2016 at 6:15 PM, Ayesha Dissanayaka <aye...@wso2.com> >>> wrote: >>> >>>> >>>> On Thu, Oct 27, 2016 at 6:07 PM, Johann Nallathamby <joh...@wso2.com> >>>> wrote: >>>> >>>>> But then at least we have to make sure all the fields that we show are >>>>> validated. Otherwise as pointed out in the first mail it is confusing for >>>>> the user right? Are the claims configurable? All the claims we show in the >>>>> UI must be validated or we must not show them IMO. >>>>> >>>> >>>> Agreed with Johan. >>>> Same as I mentioned in Jira, >>>> >>>> "As of now if one entry is enough to identify a user in the user >>>> stores, others get discarded. Instead it should ask for more information >>>> from user on demand manner or should validate all the entry values at >>>> once." >>>> >>>> -- >>>> *Ayesha Dissanayaka* >>>> Software Engineer, >>>> WSO2, Inc : http://wso2.com >>>> <http://www.google.com/url?q=http%3A%2F%2Fwso2.com&sa=D&sntz=1&usg=AFQjCNEZvyc0uMD1HhBaEGCBxs6e9fBObg> >>>> 20, Palmgrove Avenue, Colombo 3 >>>> E-Mail: aye...@wso2.com <ayshsa...@gmail.com> >>>> >>> >>> >>> >>> -- >>> Thanks & Regards, >>> >>> *Johann Dilantha Nallathamby* >>> Technical Lead & Product Lead of WSO2 Identity Server >>> Governance Technologies Team >>> WSO2, Inc. >>> lean.enterprise.middleware >>> >>> Mobile - *+94777776950* >>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>* >>> >> >> >> >> -- >> *Ayesha Dissanayaka* >> Software Engineer, >> WSO2, Inc : http://wso2.com >> <http://www.google.com/url?q=http%3A%2F%2Fwso2.com&sa=D&sntz=1&usg=AFQjCNEZvyc0uMD1HhBaEGCBxs6e9fBObg> >> 20, Palmgrove Avenue, Colombo 3 >> E-Mail: aye...@wso2.com <ayshsa...@gmail.com> >> > > > > -- > *Ayesha Dissanayaka* > Software Engineer, > WSO2, Inc : http://wso2.com > <http://www.google.com/url?q=http%3A%2F%2Fwso2.com&sa=D&sntz=1&usg=AFQjCNEZvyc0uMD1HhBaEGCBxs6e9fBObg> > 20, Palmgrove Avenue, Colombo 3 > E-Mail: aye...@wso2.com <ayshsa...@gmail.com> > -- Regards, *Darshana Gunawardana*Associate Technical Lead WSO2 Inc.; http://wso2.com *E-mail: darsh...@wso2.com <darsh...@wso2.com>* *Mobile: +94718566859*Lean . Enterprise . Middleware
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev